Mirrors/flux2
1
0
Fork 0
mirror of synced 2026-03-18 08:56:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #787 from fluxcd/fix-rbac-namespace

Browse Source 
RBAC Fix: Replace SA namespace in ClusterRoleBindings
This commit is contained in:
Stefan Prodan
2021-01-26 19:21:19 +02:00
committed by GitHub
parent f4db124d50 4c29a1ca27
commit 9f39fadb9e
1 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
pkg/manifestgen/install/manifests.go
View File

@@ -17,8 +17,10 @@ limitations under the License.
package install package install
import ( import (
"bytes"
"context" "context"
"fmt" "fmt"
"io/ioutil"
"net/http" "net/http"
"os" "os"
"path" "path"
@@ -91,9 +93,23 @@ func generate(base string, options Options) error {
return fmt.Errorf("generate roles kustomization failed: %w", err) return fmt.Errorf("generate roles kustomization failed: %w", err)
} }
if err := copyFile(filepath.Join(base, "rbac.yaml"), filepath.Join(base, "roles/rbac.yaml")); err != nil { rbacFile := filepath.Join(base, "roles/rbac.yaml")
if err := copyFile(filepath.Join(base, "rbac.yaml"), rbacFile); err != nil {
return fmt.Errorf("generate rbac failed: %w", err) return fmt.Errorf("generate rbac failed: %w", err)
} }
// workaround for kustomize not being able to patch the SA in ClusterRoleBindings
defaultNS := MakeDefaultOptions().Namespace
if defaultNS != options.Namespace {
rbac, err := ioutil.ReadFile(rbacFile)
if err != nil {
return fmt.Errorf("reading rbac file failed: %w", err)
}
rbac = bytes.ReplaceAll(rbac, []byte(defaultNS), []byte(options.Namespace))
if err := ioutil.WriteFile(rbacFile, rbac, os.ModePerm); err != nil {
return fmt.Errorf("replacing service account namespace in rbac failed: %w", err)
}
}
return nil return nil
} }